So in the code below you'll notice the comment "// This item is obfuscated and can not be translated."
What I'm wondering is does that mean that the comment is there in place of some obfuscated code and what follows is not actually obfuscated or does it mean "the following code is obfuscated"?
From what I can find on the web it sounds like the former but I'm not sure. The code clearly looks obfuscated but it's not untranslatable, just hilarious.
public static NameValueCollection ParseStringIntoNameValueCollection(string responseString, bool undoCallbackEscapes)
{
// This item is obfuscated and can not be translated.
NameValueCollection values;
string[] strArray;
int num;
string str2;
string str3;
int num3;
goto Label_0027;
Label_0002:
switch (num3)
{
case 0:
if (!undoCallbackEscapes)
{
goto Label_0057;
}
num3 = 4;
goto Label_0002;
case 1:
goto Label_00E5;
case 2:
if (num < strArray.Length)
{
string str = strArray[num];
int index = str.IndexOf('=');
str2 = str.Substring(0, index);
str3 = str.Substring(index + 1);
num3 = 0;
}
else
{
num3 = 6;
}
goto Label_0002;
case 3:
if (7 < (7 - 5))
{
goto Label_0071;
}
goto Label_00E5;
case 4:
str2 = unEscapeCallbacks(str2);
str3 = unEscapeCallbacks(str3);
num3 = 5;
goto Label_0002;
case 5:
goto Label_0057;
case 6:
return values;
}
Label_0027:
values = new NameValueCollection();
strArray = responseString.Split(new char[] { '&' }, StringSplitOptions.RemoveEmptyEntries);
num = 0;
num3 = 1;
goto Label_0002;
Label_0057:
values.Add(str2, str3);
num++;
num3 = 3;
goto Label_0002;
Label_00E5:
num3 = 2;
goto Label_0002;
}
Update: I did find this... "Sometimes, not too often, when Reflector is disassembling source code for you, it will show "This item is obfuscated and can not be translated" instead of code."
Which to me implies that it's covering up obfuscated code with the comment. Can anyone verify this? I did look at the IL and it seems like it's showing everything so maybe that statement isn't accurate.
To me this code looks like it was obfuscated by a 5 year old with a knowledge of BASIC as opposed to some obfuscation software.
It seems to look obfuscated in the sense, that it's a string function that splits up a string based on the ampersand and goes through the switch
/case
to determine how to handle it. The usage of goto
is purely (by the look of it) to confused code readers in a somewhat bad way...
Sure you can load any .NET EXE/DLL using Redgate's reflector (Formerly Rutz Loeder's Reflector) to analyze and dump the code, so no matter how 'obfuscated' it is, obfuscation does not really serve a purpose as the code can be decompiled quite easily.
There is no real way of protecting the .NET EXE/DLL unless it is encrypted and using a unmanaged C/C++ code to load the .NET runtime, decrypt the .NET EXE and load that into a newly hosting appdomain...
Hope this helps, Best regards, Tom.
No matter how obfuscated it is, you should always be able to decompile into IL, so you can look at that and see if reflector is actually showing you everything.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With